Update Microsoft Edge right now to fix a major security bug

Microsoft just released an Edge browser update that patches a dangerous flaw that could allow a cleverly designed attack to execute arbitrary code. While every security update should be installed promptly, this one is a bit more urgent because the attack is “in the wild” already, meaning that hackers are already taking advantage of this vulnerability to breach security.

Designated CVE-2022-2294, this vulnerability was actually a flaw with the Chromium project, the open-source code that Google’s Chrome browser is built upon. Microsoft uses the same base code for the Edge browser, meaning bugs that affect one often plague the other. Google patched the same bug recently and has been keeping quiet about details of the attack to allow others to make similar fixes, since Chromium is quite a popular codebase.

The Microsoft Edge browser is open on a Surface Book 2 in tablet mode.

Microsoft recommends updating your browser as soon as possible, as there’s a chance this bug is already impacting PCs. Without the update, hackers could launch attacks that give them full control over your computer, showcasing how severe this security risk is.

How to protect yourself

To update Microsoft Edge, click the three horizontal dots at the upper-right to open a menu of options, choose Help and feedback, then About Microsoft Edge. In most cases, the update should have already been downloaded or could begin downloading. If not, start the update manually.

The About Microsoft Edge page is where you can update.

When the download is complete, the Edge browser needs to be restarted to complete the installation. Click the Restart button or close and reopen Edge to get a fresh start. At this point, it’s safe to browse again without concern about this particular bug.

Microsoft recommends choosing automatic updates for the Edge browser, which is possible from the same page. If there is an option to Download and install updates automatically, it would be wise to enable it to get security updates as quickly as possible. Download over metered connections might also be seen and implies using a cellular connection. Since updates can sometimes be large, this option might be best left off unless using an unlimited plan.